[cryptography] Newbie Question
marsh at extendedsubset.com
Thu Dec 1 21:40:10 PST 2011
On 12/01/2011 11:11 PM, Sampo Syreeni wrote:
> On 2011-12-01, Randall Webmail wrote:
>> I am an almost-complete greenie WRT crypto, which is why I'm here
>> to learn.
>> What is the proper thing to do when one of those things pops up?
>> (It is NOT a rare event).
> They mostly mean you no harm.
You don't know that.
For all we know, Randall Webmail is someone who posted something
derogatory about the King or El Presidente and when the Honor Police get
on his Facebook they're going to round up all his friends along with him.
Or he's sitting comfortably in his quite suburban home and he happens to
have one of the estimated 1M home routers that are pwned or 1M PCs with
the dnschanger trojan and his banking session is being redirected to a
> So just accept/except.
This is not good advice.
> But always bear in mind that it *could* be a man-in-the-middle
All legitimate secure sites have a valid certificate, or the site is
If you ask for a secure site, and are presented with a certificate that
was not issued to the legitimate site, it *is* a man-in-the-middle attack,
Just because you're staying in a hotel does not mean that you must allow
that hotel to intercept your secure communications. Furthermore, you
probably have know way of knowing that it even is the hotel that's
intercepting you. Hotel networks are not known for themselves being
secure, and authentication systems tend not to degrade gracefully.
cryptography mailing list
cryptography at randombit.net
----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy